source: http://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to inject arbitrary values via html input form fields into the underlying flat-file database used by List Site PRO. A malicious user could sign up like this: username:username email:email@emial.com url:www.url.com bannerurl:www.site.com/banner.gif ||password|%User_ID%|60|468 banner height:68 banner width:460 password:pass To reset the sites,specified by %User_ID%,password to 'password'.
Related Exploits
Trying to match CVEs (1): CVE-2003-1350Trying to match OSVDBs (1): 59659
Other Possible E-DB Search Terms: List Site Pro 2.0, List Site Pro
Date | D | V | Title | Author | No matches |
---|